The security of Android, foiled by a 3D printed head

A 3D printed plaster head has fooled the facial recognition of four popular Android phones, a situation that worries specialists.

Forbes journalist Thomas Brewster himself performed these tests using a plaster replica of his face that he had custom made. Facial recognition of tested Android phones could be circumvented by this hoax, but not that of iPhone X, Apple, or that of Microsoft software.

These findings are of concern to cybersecurity experts, who are interviewed by Forbes and Techcrunch, who recommend that you stop using facial recognition to secure devices or use them in combination with a password or secret digital code.

LG better than Samsung and OnePlus

The $500 head-to-head failed the protection of four of the most popular Android devices: the Samsung Galaxy S9, the Samsung Galaxy Note8, the LG G7 ThinQ and the OnePlus 6.

Of all these phones, the OnePlus 6 was the least effective, unlocking instantly as soon as the face of plaster was placed in front of the sensors.

The Samsung Galaxy Note8, the most expensive device of the four Android models, has also proven unsafe in fast recognition mode. His normal mode lasted longer, forcing the Forbes team to adjust the lighting to unlock it; the security of this phone is less effective when the lighting is warmer (more yellow or orange).

It also took a few seconds for the plaster head to defeat the facial recognition of the Samsung Galaxy S9.

Only the LG G7 ThinQ seemed to detect the deception, not reacting to the fake face every time in its safest mode. The faster detection modes have, on their side, sometimes been foiled.

Apple and Microsoft, impenetrable

As for the iPhone X, Apple, nothing has done. The luxury phone of the Californian brand has never flopped, regardless of the setting or lighting chosen. Ditto for the new Windows Hello system from Microsoft, which allows you to unlock computers running Windows 10.

Last September, US police used Apple’s Face ID technology to unlock a suspect’s phone by pointing the detectors to his face. This method served as a shock to the cybersecurity community, which then warned the public of the risks associated with this kind of security system.

In the U.S., police can not ask a suspect to disclose a password, but they are allowed to point a phone at a person’s face or use their fingerprints to unlock a device.With information from Forbes and Techcrunch

Cameron graduated at the University of Florida, and he’s one of our reporters. During school, he picked up a lot of skills in writing and interacting with people and in his spare time he leaned coding. He’s not just one of our reporters, but he’s also helping to keep the Three Zebras site up and running as smooth as possible for our readers. Apart from coding, he likes sci-fi books and movies, especially the Star Wars saga.